8 Colo. Code Regs. § 1505-11-5

Current through Register Vol. 47, No. 22, November 25, 2024
Rule 8 CCR 1505-11-5 - [Effective 1/1/2025] Notary Commissions
5.1 Definitions

As used in the Revised Uniform Law on Notarial Acts (Title 24, Article 21, Part 5, C.R.S.) and this Rule 5, unless otherwise stated:

5.1.1 "Personal information" means any information or data that is collected or used in order to complete the transaction subject to remote notarization or in the remote notarization itself. The term includes but is not limited to data included in the electronic record that is being remotely notarized.
5.1.2 "Provider" refers collectively to both remote notarization system providers and remote notarization storage providers.
5.1.3 "Remote notarization system provider" means a business entity that provides a remote notarization system, as defined in section 24-21-502 (11.7), C.R.S., that includes storage of both the notarized electronic records and the audio-video recordings required by section 24-21-514.5(9)(a), C.R.S.
5.1.4 "Remote notarization storage provider" means a business entity that solely provides storage of notarized electronic records and the audio-video recordings required by section 24-21-514.5(9)(a), C.R.S.
5.2 Requirements for Remote Notaries
5.2.1 Application
(a) A notary public must submit a notice of intent on the approved application form and receive approval from the Secretary of State before the notary can remotely notarize a document. The notary must submit proof of successful completion of remote notarization training and examination and the required fee.
(b) A notary public must already be commissioned as a Colorado notary public with Active status to be approved as a remote notary.
(c) An individual may file the notice of intent when initially applying to become a Colorado notary public but may only remotely notarize a document after being commissioned and approved.
(d) A remote notary public must renew every four years or until his or her regular notary public commission requires renewal, whichever date comes first. No more than 90 days before renewing his or her remote notary status, the remote notary public must successfully complete the renewal training, pass the required exam, and pay the required fee.
(e) In applying to become a remote notary public or upon renewal, the individual must select at least one approved remote notarization system provider. An applicant may select multiple approved system providers.
5.2.2 Approved Course of Instruction/Examination
(a) The Secretary will provide a remote notarization training course and examination.
(b) If the Secretary determines that there is a need for additional instructors, the Secretary may designate a third-party training course or appoint certified notary public instructors to administer the remote training course and testing for applicants.
5.2.3 Requirements for Remote Notary Public Seal and Electronic Signature
(a) Form of remote notary public seal and electronic signature
(1) A remote notary public must affix to an electronic record a seal that in both appearance and content matches the manually applied official stamp required by section 24-21-517, C.R.S.
(2) The electronic signature used by the remote notary public for remote notarizations must match in appearance the image of the signature that the remote notary public submitted to the Secretary of State for and is on file as the notary's most recent underlying commission as a Colorado notary public. This is the signature identified as the notary public's "official signature" on the notary's most recent affirmation form or on the notary's most recent signature change form, whichever was filed later. A remote notary public may not use the remote notarization application or any update form to change the notary's official signature.
(b) Use of and access to remote notary public's seal and electronic signature
(1) The remote notary's seal and electronic signature must:
(A) Be retained under the remote notary public's sole control and access through the authentication required by Rule 5.3.3(a)(4);
(B) Appear as images on any visual or printed representation of a remote notarial certificate regardless of the technology being used to affix the images; and
(C) Be attached or logically associated with both the electronic record being notarized and the certificate of notarial act being affixed and linked such that any subsequent alteration to either item is observable through visual examination, i.e., the document must be rendered tamper-evident.
(2) A remote notary public's employer, including the employer's employees and agents, must not use or permit the use of a remote notary's seal or electronic signature by anyone except the remote notary public.
(3) On resignation from or the revocation of the notary public's commission or on the death or adjudication of incompetency of the notary public, the notary or that notary's personal representative or guardian must delete the notary's seal and electronic signature from the remote notary system provider's system.
5.2.4 Journal to record remote notarizations
(a) In addition to the journal information required by section 24-21-519(3), C.R.S., the remote notary public must record the name of the remote notarization system provider used for each remote notarization.
(b) The remote notary public must retain his or her electronic journal under the remote notary public's sole control and access and all other requirements of section 24-21-519, C.R.S. apply.
(c) The electronic journal must be securely backed up and be tamper-evident.
(d) On resignation from or the revocation of the notary public's commission or on the death or adjudication of incompetency of the notary public, the notary or that notary's personal representative or guardian with knowledge of the existence of or knowingly in possession of the remote notarization journal and recordings must retain or dispose of the journal and the audio-video recordings in accordance with sections 24-21-514.5(9)(c) and 24-21-519, C.R.S. Only remote notarization system providers and remote notarization storage providers that have been approved by the Secretary of State may store audio-video recordings.
5.2.5 A remote notary public must stop and restart the remote notarization process from the beginning if:
(a) The remotely located individual or the remote notary public must exit the remote notarization system before completion of the notarial act;
(b) The audio or visual feed is interrupted or terminated; or
(c) The resolution or quality of the transmission becomes such that the remote notary public believes the process has been compromised and cannot be completed.
5.2.6 A remote notary public has an ongoing duty to verify that each remote notary provider used has Active status with the Secretary of State's office before using that provider's remote notarization system to perform a remote notarization. This duty extends to each remote notarization.
5.2.7 In accordance with section 24-21-529(2), C.R.S., a remote notary may charge a fee, not to exceed twenty-five dollars, for the notary's electronic signature.
5.2.8 A remote notary public must notify the Secretary of State in writing through the Secretary of State's online system within 30 days after changing a remote notarization system provider or remote notarization storage provider.
5.2.9 Expiration of the Secretary of State's approval to perform remote notarizations:
(a) Approval automatically expires:
(1) Upon revocation, expiration, or resignation of the notary's commission;
(2) 30 days after the notary's name changes unless the notary previously submitted a name change;
(3) Upon conviction of a felony;
(4) Upon conviction of a misdemeanor involving dishonesty;
(5) If the notary no longer has a place of employment or practice or a residential address in the state of Colorado; or
(6) Upon the revocation of approval of the remote notarization system provider or the remote notarization storage provider used by the remote notary public unless the remote notary public either notified the Secretary of State of another provider or already has alternative providers on file with the Secretary of State as authorized by Rule 5.2.1(e).
(b) If approval expires, the remote notary public or the notary's authorized representative must delete the notary's seal and electronic signature from the remote notary provider's system and dispose of the journal and the audio-video recordings in accordance with sections 24-21-514.5(9)(c) and 24-21-519, C.R.S. unless within 30 days of the expiration, the Secretary of State reapproves the notary.
5.3 Requirements for providers
5.3.1 Provider Protocols
(a) The Colorado Secretary of State's Provider Protocols (December 1, 2020) are hereby incorporated by reference.
(1) Material incorporated by reference in the Notary Rules does not include later amendments or editions of the incorporated material.
(2) Copies of the material incorporated by reference may be obtained by contacting the Colorado Department of State, 1700 Broadway, Suite 550, Denver, CO 80290, (303) 894-2200. Copies are also available online at https://www.coloradosos.gov/pubs/notary/home.html.
5.3.2 Application
(a) A provider must submit the approved application form and receive approval from the Secretary of State before the provider can provide services to a Colorado remote notary public.
(b) The applicant must provide to the Secretary of State in its application:
(1) The certification required by section 24-21-514.5(11)(a), C.R.S.
(2) The following information:
(A) The names of all business entities and any of their affiliates that will have access to either personally identifying information and any non-personally identifying data gathered during the remote notarization process and procedures; and
(B) A copy of the data privacy policy provided to users, which clearly specifies the permissible uses for both personally identifying and non-personally identifying data.
(3) All data and technology specifics required in the application and set forth in the Provider Protocols under Rule 5.3.1.
(c) At the time of application, the applicant must be in Good Standing status as a business entity registered to do business in Colorado and must continue to maintain that status while providing remote notarization services to Colorado remote notaries public.
(d) The Secretary of State may require an applicant to supplement its application with additional information, including an in-person demonstration or electronic demonstration of the applicant's system.
(e) The applicant must pay the required application fee.
5.3.3 Criteria and standards for approval of remote notarization system providers.
(a) In order to be approved and maintain continuing eligibility, a remote notarization system provider must:
(1) Provide a remote notarization system that complies with the technical specifications of these rules and the standards, including data security and integrity requirements, set forth in the Secretary of State's Provider Protocols under Rule 5.3.1;
(2) Verify the authorization of a Colorado notary public to perform remote notarial acts before each remote notarization;
(3) Suspend the use of its remote notarization system for any remote notary public if the notary's underlying commission or the Secretary of State's approval of the notary public to perform remote notarizations has been denied, suspended, or revoked by the Secretary or when the notary has resigned;
(4) Ensure that access to a remote notary public's electronic signature and seal is limited solely to the remote notary public and protected by the use of a password authentication, token authentication, biometric authentication, or other form of authentication that is described in the remote notarization system provider's application;
(5) Verify that a Colorado remote notary public has Active status with the Secretary of State's office at the time of each remote notarization; and
(6) Annually renew its registration with the Secretary of State's office and pay the required fee.
(b) Communication technology provided by the remote notarization system provider must:
(1) Provide for continuous, synchronous audio-visual feeds;
(2) Provide sufficient video resolution and audio clarity to enable the remote notary public and the remotely located individual to see and speak to one another simultaneously through live, real time transmission;
(3) Provide sufficient captured image resolution for credential analysis to be performed in accordance with section 24-21-514.5(6)(b)(II), C.R.S., and this Rule 5;
(4) Include a means of authentication that reasonably ensures only the proper parties have access to the audio-video communication;
(5) Be capable of securely creating and storing or transmitting securely to be stored an electronic recording of the audio-video communication, keeping confidential the questions asked as part of any identity proofing assessment, and the means and methods used to generate the credential analysis output; and
(6) Provide reasonable security measures to prevent unauthorized access to:
(A) The live transmission of the audio-video communication;
(B) A recording of the audio-video communication;
(C) The verification methods and credentials used to verify the identity of the principal; and
(D) The electronic records presented for remote notarization.
(c) Credential analysis provided by a remote notarization system provider must satisfy the requirements of the Secretary of State's Provider Protocols under Rule 5.3.1.
(d) Dynamic, knowledge-based authentication assessment, if selected by a remote notarization system provider as the method of verifying the identity of the remotely located individual per section 24-21-514.5(6)(b)(II)(A), C.R.S., must satisfy the requirements of the Secretary of State's Provider Protocols under Rule 5.3.1.
(e) Public Key Certificate or an identity verification method by a trusted third party. A remote notarization system provider may satisfy section 24-21-514.5(6)(b)(II)(B) or (c), C.R.S., by providing a method of identification of the remotely located individual that satisfies the requirements of the Secretary of State's Provider Protocols under Rule 5.3.1.
(f) Data Storage and security

A remote notarization system provider must provide a storage system that complies with the technical specifications of these rules and the standards, including data security and integrity protocols, set forth in the Secretary of State's Provider Protocols under Rule 5.3.1.

5.3.4 Criteria and standards for approval of remote notarization storage providers

In order to be approved and maintain continuing eligibility, a remote notarization storage provider must provide a storage system that complies with the technical specifications of these rules and the standards, including data security and integrity protocols, set forth in the Secretary of State's Provider Protocols under Rule 5.3.1.

5.3.5 Deficient provider application. If the Secretary of State denies approval of an applicant, the Secretary of State will notify the applicant of any application deficiencies. A rejected applicant may request a hearing in accordance with the State Administrative Procedure Act (Article 4 of Title 24, C.R.S.) and 8 CCR 1505-3, Rule 3.
5.3.6 Notifications
(a) If a remote notarization system provider or storage provider becomes aware of a possible security breach involving its data, the provider must give notice to both the Secretary of State and each Colorado remote notary public using its services no later than 30 days after the date of determination that a security breach occurred. The provider must comply with any other notification requirements of Colorado's data privacy laws.
(b) No later than 30 days before making any changes to the remote notarization system or storage system used by Colorado remote notaries that would impact any previously provided answer in its application about its system that would affect the provider's eligibility for approval, a provider must both request approval from the Secretary of State and notify each Colorado remote notary public using its services. Changes to the system or storage must conform to statutory and rule requirements.
(c) For non-system or storage-related changes to the provider's information on file with the Secretary of State, the provider must notify and update information provided to the Secretary of State no later than 30 days after changes to the provider's previously supplied information. This requirement includes changes to the disclosures required by Rule 5.3.2(b)(2).
5.3.7 Complaints. A person may file a complaint with the Secretary of State against an approved provider. The complaint must allege a specific violation of Colorado's Revised Uniform Law on Notarial Acts or these rules. The person must submit the signed and dated complaint on the Secretary of State's standard form.
5.3.8 Grounds for termination of approval. The Secretary of State may terminate approval of a provider for any of the following reasons:
(a) Violation of any provision of Colorado's Revised Uniform Law on Notarial Acts or these rules;
(b) Making representations that the Secretary of State endorses, recommends, or mandates use of any of the provider's products, goods, or services;
(c) If the provider sustains a data breach; and
(d) Failure to timely respond to the Secretary of State's request for information or otherwise cooperate with an investigation, including providing requested information.
5.3.9 Right to respond to and cure noncompliance and right to hearing before terminating, suspending, or imposing conditions on approval.
(a) Except in cases of deliberate and willful violation or of substantial danger to the public health and safety, the Secretary of State will provide a remote notarization system or storage provider with written notice, an opportunity to respond in writing, and a reasonable opportunity to comply with all lawful requirements that may warrant agency proceedings to terminate, suspend, or impose conditions on an existing approval before instituting such proceedings in accordance with the State Administrative Procedure Act (Article 4 of Title 24, C.R.S.) and 8 CCR 1505-3, Rule 3.
(b) Except in cases of deliberate and willful violation or that the public health, safety, or welfare imperatively require emergency action, the Secretary of State will not terminate, suspend, or impose conditions on an existing approval of a remote notarization system or storage provider until after holding a hearing in accordance with the State Administrative Procedure Act (Article 4 of Title 24, C.R.S.) and 8 CCR 1505-3, Rule 3.
(c) Termination does not bar the Secretary of State from beginning or continuing an investigation concerning the provider.

8 CCR 1505-11-5

46 CR 15, August 10, 2023, effective 9/1/2023
47 CR 21, November 10, 2024, effective 1/1/2025